<?php

if ( !class_exists( "BME_user" ) ) {
require_once("Base.php");

class BME_user extends BME_base {
	
	var $valid;	// bool	Validated user?
	var $username;	// str	The username (name to login)
	var $name;	// str	The user's name
	var $admin;	// bool	Is an admin?
	var $userError;	// str	A buffer saving the last error.
	
	/**
	 * bme_user new bme_user(void);
	 * @return bme_user (object).
	 */
	function BME_user() {
		parent::__constructor();
		
		$this->valid = false;
		$this->admin = 4;
		if ( isset($_POST['username']) & isset($_POST['password'])):
			$this->validateUser($_POST['username'],md5($_POST['password']));
		elseif( isset($_COOKIE['username']) & isset($_COOKIE['username']) ):
			$this->validateUser($_COOKIE['username'],$_COOKIE['password']);
		endif;
	}
	/**
	 * bool isvalid(void);
	 * @return bool: Validated user?
	 */
	function isValid() {
		return $this->valid;
	}
	/**
	 * str geterror(void);
	 * @return str: The error token, or an empty string.
	 */
	function getError(){
		return (string)$this->userError;
	}
	/**
	 * int getlevel(void);
	 * @return int: The level of access.
	 */
	function getLevel() {
		return $this->admin;
	}
	/**
	 * str getname(void);
	 * @return str: The User's name shortened.
	 */
	function getName() {
		assert('$this->valid');
		$name = $this->name;
		while ( strlen($name)>15 & strpos($name," ") ):
			$name = ereg_replace(" [^ ]*$","",$name);
		endwhile;
		if ( strlen($name) > 15 ):
			$name = substr($name,0,12)."...";
		endif;
		return ($name ? $name : $this->getUserName);
	}
	/**
	 * str getusername(void);
	 * @return str: The Username.
	 */
	function getUserName() {
		assert('$this->valid');
		return $this->username;
	}
	/**
	 * void signout(void);
	 */
	function signOut() {
		$this->valid = false;
		$this->admin = 4;
		setcookie("username", "", time(), BME_SITE);
		setcookie("password", "", time(), BME_SITE);
		return;
	}
	/**
	 * bool validateuser(str usr, str pwd);
	 * @param str usr: The username.
	 * @param str pwd: The password md5'ed.
	 * @return bool: True if valid, false otherwise (and saves error code on $this->userError).
	 */
	function validateUser($usr,$pwd) {
		assert('is_string($usr)');
		assert('is_string($pwd)');
		$this->openDB();
		$res = $this->DBquery("select * from `User` where `username`='".$this->Dbescape($usr)."' and `password`='".$this->DBescape($pwd)."'");
		if ( $row = $this->DBfetch_assoc($res) ):
			$this->setUserByRow($row);
			$set = setcookie("username", $usr, 0, BME_SITE) & setcookie("password", $pwd, 0, BME_SITE);
			if ( $set ):
				$this->valid = true;
			else:
				$this->userError = "user_disabledCookies";
				$this->valid = false;
			endif;
		else:
			$set = setcookie("username", $usr, time()+10, BME_SITE) & setcookie("password", $pwd, time()+10, BME_SITE);
			$this->userError = "user_badUsernameOrPassword";
			$this->valid = false;
		endif;
		$this->closeDB();
		return $this->valid;
	}
	/**
	 * void setuserbyrow(arr row);
	 * @param arr row: The array as returned by $this->DBfetch_assoc, with complete row of user.
	 */
	function setUserByRow($row) {
		assert('is_array($row)');
		$this->username = $row["username"];
		$this->name = $row["name"];
		$this->admin = (int)$row["level"];
		return;
	}
	/**
	 * bool createuser(str username, str password, str name, str email);
	 * @param str username.
	 * @param str password: The password on clear text (not md5'ed).
	 * @param str name.
	 * @param str email.
	 * @return bool: True on success, false on errors (and saves error code on $this->userError).
	 */
	function createUser($username, $password, $name, $email) {
		assert('is_string($username) & !empty($username)');
		assert('is_string($password) & !empty($password)');
		assert('is_string($name) & !empty($name)');
		assert('is_string($email) & !empty($email)');
		$this->openDB();
		$res = $this->DBquery("select `username` from `User` where `username`='".$this->DBescape($username)."'");
		if ( $row=$this->DBfetch_assoc($res) ):
			$this->userError = "user_alreadyExists";
			$this->closeDB();
			return false;
		else:
			$this->DBquery("insert into `User`(`username`, `password`, `name`, `eMail`, `level`)
			values('".$this->DBescape($username)."','".$this->DBescape(md5($password))."','".$this->DBescape($name)."','".$this->DBescape($email)."','3')");
			$this->closeDB();
			return $this->validateUser($username,$password);
		endif;
	}
}

}


?>
